Chris,
> Am 28.01.2020 um 19:35 schrieb Christopher Schultz > <ch...@christopherschultz.net>: > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > Peter, > > On 1/28/20 12:24 PM, Peter Kreuser wrote: >>> Am 28.01.2020 um 18:02 schrieb Christopher Schultz >>> <ch...@christopherschultz.net>: >>> >>> You have to say certificateKeystoreType="PKCS12" (for >>> <Certificate>, or keystoreType="PKCS12" for <Connector>) as well >>> in your config. >> >> You don‘t need that in the new SSLHostConfig, right? I don‘t have >> that attribute and it works... ??? > > I'd need to see your configuration, and know what type of keystore you > are using. > <SSLHostConfig hostName=„tomcat.x.xxx" honorCipherOrder="true" protocols="TLSv1.2+TLSv1.3" ciphers="HIGH:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:!DSS"> <Certificate certificateKeystoreFile="${catalina.base}/conf/ssl/tomcat.p12" certificateKeystorePassword="changeit" certificateKeyAlias="tomcat" type="RSA" /> </SSLHostConfig> P12 is created with openssl pkcs12 -export -in tomcat.crt -inkey tomcat.key -certfile chain.pem -out tomcat.p12 -name tomcat -CAfile ca.crt -caname root -passout pass:changeit Seems to be valid and working ;-) . Peter > - -chris > -----BEGIN PGP SIGNATURE----- > Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ > > iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl4wfw4ACgkQHPApP6U8 > pFhm5A//e0VNCvCklGGFfNNxNdamDuzbaZZ3e/aCQeW85dat+rsHZDZKrPgb5MYz > 7nwjgxooe0TcvkaXzaB/pJGD21ImntWtiTl42MyvPXmZl0PXyXjRGA2/XcQj/Yji > vTWyVKl1TiH5s0fiIZrQZ0M6lTfQ7T2eVnTzX5MjQwin9zDzRDPl77Dbatn57d4H > heMY4GgS7XfHrH/EN5jJvU+vXOKI/bS61ujM28+A1dJnEECduIZbsTQTSDah903t > X/09b8jqUTPJNAQLIfk5/KQS2arhP2Nsoplsy+8a/KOJisRLRWZpoSga4N/CBc3D > CoslAJM1w+za6BV+xKuZSP795ZiuqF34jnb36LTOkiaXcCrKrm4B35ImvCtSOgYX > FvC4NJq+t4f3AVnvNkqaN6ygJifveI4g86C46r8A40YUFSydbQoKiwrDUGvbN+jq > 568014A/p7n0k4N48KPyVZmH8x8NwlBE3n0V4/KW1kXikGUDcyFOoXp+g+nMhRpV > l/I9US8rrBnJbkIlZLOibxI5LzRQ0mqMmspHaqzkl7zGWnP3EwvI1KysgpkotJ+i > shAaY5z1IWg6i5w1iZK/JzOkpixBBZR4ckMAanZXV5UQaW06Swkc81C4vfpJoNAO > qZINTga45uXg2/Wt5xkNjkv9+P5KVnPiVb3YhtGH4b1wRaI9qaQ= > =E1yB > -----END PGP SIGNATURE----- > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org >